Virus virus
From: freddiemercury
Viewed: 985 times
100 points
Date: 15-07-07 07:39

I have finally got a virus, my own fault, I had shut AVG down by mistake.
It is a Trojan horse virus, and when I open the Task Manager processes I think a
program called GENERIC.EXE is running. Could that be it, and how do I remove it?

I think I have to end the generic.exe process first and then remove it somewhere
in system32.

Regards

 
 
Comment
From: miritdk


Date: 15-07-07 07:58

Download HijackThis from here and follow the guide - then post the log here in the thread and you will get help.

Comment
From: miritdk


Date: 15-07-07 08:06

And here is the link: http://www.malwarecheck.dk/forum/viewtopic.php?t=9 - I just had a power cut.

Comment
From: molokyle


Date: 15-07-07 08:27

generic.exe is a process from 'Device Management by Teleca Software Solutions':

1.) http://www.processlibrary.com/directory/files/generic

2.) http://www.liutilities.com/products/wintaskspro/processlibrary/generic/

</MOLOKYLE>

Comment
From: Teil


Date: 15-07-07 09:11

Quote
I have finally got a virus


Have you missed it?

Comment
From: freddiemercury


Date: 15-07-07 09:28

Should I post the log here on kandu?


Comment
From: miritdk


Date: 15-07-07 09:31

It is always nice to have the log checked, so you can choose to post it here - or you can register for free as a user here: http://www.malwarecheck.dk/forum/ and post the log here:
http://www.malwarecheck.dk/forum/viewforum.php?f=11&sid=0bb5fb6b06aa1923b801ca8212410254


Comment
From: freddiemercury


Date: 15-07-07 09:38

Hi again
I'll try here first.
It seems to be a Trojan horse that hides in Temporary Internet Files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:42:47, on 15-07-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\winnt\system32\CTsvcCDA.EXE
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\winnt\system32\svchost.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\winnt\system32\atiptaxx.exe
C:\winnt\SOUNDMAN.EXE
C:\Programmer\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\VIRUSfighter\bin\ZLH.EXE
C:\winnt\system32\ctfmon.exe
C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Programmer\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmer\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Grisoft\AVG7\avgcc.exe
C:\winnt\explorer.exe
C:\Programmer\Grisoft\AVG7\avgw.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HJTrenamed.exe
C:\Documents and Settings\Allan\Skrivebord\rootchk.exe
C:\winnt\system32\cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allanklockmann.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\winnt\system32\fccaaba.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\winnt\system32\qjtdylgq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: (no name) - {AC0A657C-6E2C-453A-AE46-EEA02B0E76EF} - C:\winnt\system32\gebca.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StatusClient] C:\Programmer\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Programmer\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\winnt\system32\ltqhrple.dll",forkonce
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [ctfmon.exe] C:\winnt\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinPop] C:\Programmer\WinPop\winpop.exe
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: MotionBased Agent.lnk = C:\Programmer\MotionBased\Agent\MBAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmer\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159802367542
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: fccaaba - C:\winnt\SYSTEM32\fccaaba.dll
O20 - Winlogon Notify: gebca - C:\winnt\system32\gebca.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\winnt\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\winnt\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe

--
End of file - 10002 bytes


Comment
From: freddiemercury


Date: 15-07-07 10:01


Have I now created a security breach for myself???

Regards

Comment
From: Daxxa


Date: 15-07-07 10:28

Just wait, you will get help...

Comment
From: freddiemercury


Date: 15-07-07 12:26

PS
I also get lots of pages popping up all the time.

Bummer.

I keep deleting all the files in Temporary Internet Files, but
they come back automatically!!





Comment
From: stl_s


Date: 15-07-07 14:19



Download ComboFix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run combofix.exe and follow the instructions in the window.

You should not click on the window while the tool is running, as that can make your computer freeze.
When ComboFix is finished, and after it has restarted, a log file should open: combofix.txt, which can be found here: C:\combofix.txt

Comment
From: freddiemercury


Date: 15-07-07 14:23

Thanks STL, I'll try that right away.


Comment
From: miritdk


Date: 15-07-07 16:15

Quote
combofix.txt, which can be found here: C:\combofix.txt
...weeell - but hasn't stl_s perhaps forgotten to mention that the log from ComboFix should be copied in here for maximum help????



Comment
From: freddiemercury


Date: 15-07-07 17:26

I feel like I'm a bit scr... right now.
I have run this combo checker but no log file appears; instead, when I start the PC up again I get this message:
this program could not be started "telecalib_logging.dll was not found,
try installing it again"


What now?



Comment
From: stl_s


Date: 15-07-07 17:53

You are not screwed, but you have got a very nasty Vundo infection. It may well cause a bit of trouble in the machine when it is removed, so we have to be a little careful.

See if you can produce these logs:

Download ComboScan here: http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

Run the file and follow the instructions.

When it has finished scanning, a log, ComboScan.txt, will open.

A folder, C:\ComboScan, will also open with a supplementary log, Supplementary.txt.

Copy both logs in here.
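
An added example, not part of the thread and not any poster's own tooling: a Python triage of the HijackThis log posted earlier, flagging DLLs that sit directly in system32 and are loaded through a nameless BHO (O2), a Winlogon Notify key (O20) or a rundll32 autorun (O4), a persistence pattern commonly associated with Vundo. The function names and the rule set are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted earlier in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\winnt\system32\fccaaba.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\winnt\system32\qjtdylgq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: (no name) - {AC0A657C-6E2C-453A-AE46-EEA02B0E76EF} - C:\winnt\system32\gebca.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\winnt\system32\ltqhrple.dll",forkonce
O20 - Winlogon Notify: fccaaba - C:\winnt\SYSTEM32\fccaaba.dll
O20 - Winlogon Notify: gebca - C:\winnt\system32\gebca.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
"""

# "O2 - rest of line": HijackThis section code followed by the entry body.
ENTRY = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.*)$')

# A DLL located directly in the system32 directory (no subfolder).
SYS32_DLL = re.compile(
    r'[a-z]:\\(?:winnt|windows)\\system32\\(?P<name>[^"\\,]+\.dll)', re.I)

RUNDLL = re.compile(r'\brundll32(\.exe)?\b', re.I)


def parse(log):
    """Yield (section_code, body) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m['code'], m['body']


def triage(log):
    """Map each suspicious system32 DLL to the load points that reference it.

    Heuristic rules (assumptions, not a verdict):
      O2  - BHO registered without a name
      O20 - Winlogon Notify key (HijackThis lists only non-default ones)
      O4  - Run key that starts the DLL through rundll32
    """
    hits = defaultdict(set)
    for code, body in parse(log):
        m = SYS32_DLL.search(body)
        if not m:
            continue
        dll = m['name'].lower()
        if code == 'O2' and body.startswith('BHO: (no name)'):
            hits[dll].add('O2 nameless BHO')
        elif code == 'O20':
            hits[dll].add('O20 Winlogon Notify')
        elif code == 'O4' and RUNDLL.search(body):
            hits[dll].add('O4 rundll32 autorun')
    return {dll: sorted(reasons) for dll, reasons in hits.items()}


def multi_hook(findings):
    """DLLs referenced from two or more load points: review these first."""
    return sorted(dll for dll, reasons in findings.items() if len(reasons) >= 2)


if __name__ == '__main__':
    findings = triage(SAMPLE_LOG)
    for dll, reasons in sorted(findings.items()):
        print(f'{dll:15} {", ".join(reasons)}')
    print('hooked in several places:', multi_hook(findings))
```

A hit is a lead for a helper to review, not proof of infection; legitimate software can also register a nameless BHO.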

Comment
From: stl_s


Date: 15-07-07 17:55

Oops, it seems to have been taken down. Download this one instead: http://www.techsupportforum.com/sectools/Deckard/dss.exe

Copy the log main.txt in here.

Comment
From: freddiemercury


Date: 15-07-07 18:54



Hi again, here are those files:

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Other (0406) - see http://preview.tinyurl.com/mhhp6

CPU 0: AMD Athlon(tm) XP processor 1800+
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 511.48 MiB / 167.58 MiB
Pagefile Memory (total/avail): 1249.92 MiB / 823.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1959.39 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 5.48 GiB free.
D: is Fixed (NTFS) - 74.53 GiB total, 0.3 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 45.23 GiB total, 3.49 GiB free.
G: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: VIRUSfighter ver. 5.90 v5.90 (SPAMfighter ApS & Norman ASA)
AV: AVG 7.5.476 v7.5.476 (GRISOFT)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.95
(Avira GmbH)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Allan\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Programmer\F‘lles filer
COMPUTERNAME=KONTOR
ComSpec=C:\winnt\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Allan
LOGONSERVER=\\KONTOR
NpmLib=C:\VIRUSfighter\Npm\Bin
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\winnt\system32;C:\winnt;C:\winnt\system32\wbem;C:\winnt\system32;C:\winnt;C:\winnt\system32\WBEM;C:\Programmer\Fælles filer\Teleca Shared;C:\VIRUSfighter\Npm\Bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=C:\Programmer
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\winnt
TEMP=C:\DOCUME~1\Allan\LOKALE~1\Temp
TMP=C:\DOCUME~1\Allan\LOKALE~1\Temp
USERDOMAIN=KONTOR
USERNAME=Allan
USERPROFILE=C:\Documents and Settings\Allan
windir=C:\winnt


-- User Profiles ---------------------------------------------------------------

Allan (admin)
Clara (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
ACDSee 6.0 PowerPack --> MsiExec.exe /I{38A0BB97-772D-422E-BCCA-4BA2A5D81F42}
ACE-HIGH MP3 WAV WMA OGG Converter --> C:\PROGRA~1\ACE-HI~1\UNWISE.EXE C:\PROGRA~1\ACE-HI~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Programmer\Fælles filer\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programmer\Fælles filer\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\winnt\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Programmer\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Programmer\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.0 - Dansk --> MsiExec.exe /I{AC76BA86-7AD7-1030-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}\setup.exe" -l0x9
ATI Multimedia Center --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{4EAED9E0-1517-11D4-AEAA-006008C398D0}\setup.exe"
ATI Win2k Display Driver --> rundll32 C:\WINNT\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY
AVG 7.5 --> C:\Programmer\Grisoft\AVG7\setup.exe /UNINSTALL
Brother's Keeper 6.1 --> F:\BROTHE~2\UNWISE.EXE F:\BROTHE~2\INSTALL.LOG
C-Media WDM Audio Driver --> C:\WINNT\system32\cmirmdrv.exe
Canon CanoScan Toolbox 4.6 --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{088A077A-8028-408C-AE7B-4512AE2A65A0}\setup.exe" -l0x9 anything
Creative Jukebox Driver --> C:\Programmer\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Touch --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{1103112B-513D-4DEF-96B4-9889774E0118}\SETUP.EXE" -l0x9 /remove
Crystal Button 2.8 --> C:\Programmer\CrystalButton2\unins000.exe
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DOOM II --> C:\winnt\IsUninst.exe -f"C:\Programmer\DOOM II\DOOM II\DOOMII.isu"
Drome Racers --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}\Setup.exe" -l0x6
DVD Shrink 3.2 --> "C:\Programmer\DVD Shrink\unins000.exe"
Express Burn --> C:\Programmer\NCH Swift Sound\ExpressBurn\uninst.exe
Fætter Kanin På Eventyr --> C:\Programmer\Mindscape\Fætter Kanin På Eventyr\uninstall.exe
Flyvende Start Børnehaveklasse v2.5 --> C:\winnt\IsUn0406.exe -fC:\LB\BK\DeIsL1.isu
Garmin Training Center 3.2.2 --> MsiExec.exe /X{EBAC771C-A79F-4D74-AABE-04CA25634278}
Garmin Training Center v4 --> MsiExec.exe /X{DE659AC8-EEF0-4115-AA0C-6500D194FB10}
Garmin WebUpdater --> MsiExec.exe /X{996EC44B-38E1-4898-8E47-3EE3D15F2712}
Google Gmail Notifier --> "C:\Programmer\Google\Gmail Notifier\UninstallGmail.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programmer\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Programmer\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\winnt\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp LaserJet 1010 Series --> MsiExec.exe /x {292C47B2-8DB7-47BF-896C-C3C5EE8108C4}
Incomedia WebSite X1 --> C:\winnt\system32\ix1Setup.exe /Uninst:C:\WebSite X1
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Krakels ABC --> C:\winnt\IsUn0406.exe -fC:\Levende\Krakel\DeIsL1.isu
LEGO Min Verden - for skoleelever --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{E57FEDB3-37BD-11D4-9532-005004039EB0}\setup.exe"
LimeWire 4.12.15 --> "C:\Programmer\LimeWire\uninstall.exe"
Manual CanoScan 4200F --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{B9C54C44-BB5A-4B03-8907-C01A9790195A}\setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\winnt\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0015-0406-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0016-0406-0000-0000000FF1CE}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170406-6000-11D3-8CFE-0150048383C9}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{9017041D-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (Danish) 2007 --> MsiExec.exe /X{90120000-00BA-0406-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0044-0406-0000-0000000FF1CE}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10406-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote MUI (Danish) 2007 --> MsiExec.exe /X{90120000-00A1-0406-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Danish) 2007 --> MsiExec.exe /X{90120000-001A-0406-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0018-0406-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110406-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (Danish) 2007 --> MsiExec.exe /X{90120000-001F-0406-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Danish) 2007 --> MsiExec.exe /X{90120000-002C-0406-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Danish) 2007 --> MsiExec.exe /X{90120000-0019-0406-0000-0000000FF1CE}
Microsoft Office Shared MUI (Danish) 2007 --> MsiExec.exe /X{90120000-006E-0406-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510406-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (Danish) 2007 --> MsiExec.exe /X{90120000-001B-0406-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\winnt\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MID Converter 4.2 --> C:\Programmer\MID Converter 4.2\uninst.exe
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Opdatering til Windows XP (KB894391) --> "C:\WINNT\$NtUninstallKB894391$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB898461) --> "C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB900485) --> "C:\WINNT\$NtUninstallKB900485$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB908531) --> "C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB910437) --> "C:\WINNT\$NtUninstallKB910437$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB911280) --> "C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB916595) --> "C:\WINNT\$NtUninstallKB916595$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB920872) --> "C:\WINNT\$NtUninstallKB920872$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB922582) --> "C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB927891) --> "C:\winnt\$NtUninstallKB927891$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB929338) --> "C:\winnt\$NtUninstallKB929338$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB930916) --> "C:\winnt\$NtUninstallKB930916$\spuninst\spuninst.exe"
Opdatering til Windows XP (KB931836) --> "C:\winnt\$NtUninstallKB931836$\spuninst\spuninst.exe"
Outbound --> C:\winnt\IsUninst.exe -fC:\Programmer\Ingava.com\Outbound\Uninst.isu
Pinnacle PCTV --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{3C02ED4F-46B0-4E9E-87F7-47AEBA4031C8}\Setup.exe" -l0x9 -L0x9 UNINSTALL
Politikens Nudansk Ordbog --> MsiExec.exe /I{DDEF42C3-B63D-4DB5-BD05-C6A0760884AF}
Politikens Retskrivningsordbog --> MsiExec.exe /I{8258BA04-BB23-11D5-8A18-0080AD737527}
PowerISO --> "C:\Programmer\PowerISO 3,0\uninstall.exe"
QuickSFV (Remove only) --> C:\Programmer\QuickSFV\QSFVUNST.EXE C:\Programmer\QuickSFV\
QuickTime --> C:\winnt\unvise32qt.exe C:\winnt\system32\QuickTime\Uninstall.log
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sikkerhedsopdatering til Windows XP (KB890046) --> "C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB893756) --> "C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB896358) --> "C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB896423) --> "C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB896424) --> "C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB896428) --> "C:\WINNT\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB899587) --> "C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB899589) --> "C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB899591) --> "C:\WINNT\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB900725) --> "C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB901017) --> "C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB901214) --> "C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB902400) --> "C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB904706) --> "C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB905414) --> "C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB905749) --> "C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB908519) --> "C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB911562) --> "C:\WINNT\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB911567) --> "C:\WINNT\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB911927) --> "C:\WINNT\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB912919) --> "C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB913433) --> C:\WINNT\system32\MacroMed\Flash\genuinst.exe C:\WINNT\system32\MacroMed\Flash\KB913433.inf
Sikkerhedsopdatering til Windows XP (KB913580) --> "C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB914388) --> "C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB914389) --> "C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB917159) --> "C:\WINNT\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB917344) --> "C:\WINNT\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB917422) --> "C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB917953) --> "C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB918118) --> "C:\winnt\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB918439) --> "C:\WINNT\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB918899) --> "C:\WINNT\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB919007) --> "C:\WINNT\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB920213) --> "C:\winnt\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB920214) --> "C:\WINNT\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB920670) --> "C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB920683) --> "C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB920685) --> "C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB921398) --> "C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB921883) --> "C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB922616) --> "C:\WINNT\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB922760) --> "C:\winnt\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB922819) --> "C:\WINNT\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923191) --> "C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923414) --> "C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923689) --> "C:\winnt\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923694) --> "C:\winnt\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB923980) --> "C:\winnt\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB924191) --> "C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB924270) --> "C:\winnt\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB924496) --> "C:\WINNT\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB924667) --> "C:\winnt\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB925454) --> "C:\winnt\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB925486) --> "C:\WINNT\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB925902) --> "C:\winnt\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB926255) --> "C:\winnt\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB926436) --> "C:\winnt\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB927779) --> "C:\winnt\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB927802) --> "C:\winnt\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB928090) --> "C:\winnt\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB928255) --> "C:\winnt\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB928843) --> "C:\winnt\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB929123) --> "C:\winnt\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB929969) --> "C:\winnt\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB930178) --> "C:\winnt\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB931261) --> "C:\winnt\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB931768) --> "C:\winnt\$NtUninstallKB931768$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB931784) --> "C:\winnt\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB932168) --> "C:\winnt\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB933566) --> "C:\winnt\$NtUninstallKB933566$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB935839) --> "C:\winnt\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sikkerhedsopdatering til Windows XP (KB935840) --> "C:\winnt\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
SportTracks --> MsiExec.exe /I{4C1AAB41-BFB7-4A55-B7D7-DC9979220CEC}
Stone's SummaSummarum 2.0.6 --> C:\Programmer\SummaSummarum\unins000.exe
Switch --> C:\Programmer\NCH Swift Sound\Switch\uninst.exe
Talbutikken --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{55DCF5D5-5E4B-11D5-B6FD-0090271A6B38}\Setup.exe" UNINSTALL
URL Helper --> "C:\Programmer\URLHelper\unins000.exe"
VideoLAN VLC media player 0.8.4 --> C:\Programmer\VideoLAN\VLC\uninstall.exe
VIRUSfighter --> C:\VIRUSfighter\NVC\BIN\DelNVC5.exe
WavePad Uninstall --> C:\Programmer\NCH Swift Sound\WavePad\uninst.exe
Windows Media Format 11 runtime --> "C:\winnt\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 3.1 --> C:\Programmer\WinPcap\uninstall.exe
WinRAR archiver --> C:\Programmer\WinRAR\uninstall.exe
WinZip --> "C:\Programmer\WinZip\WINZIP32.EXE" /uninstall
WM Recorder 11.0 --> C:\Programmer\WMR11\Uninstal.exe
WM Recorder 9.1 --> C:\WINNT\iun506.exe C:\Programmer\WM Recorder\irunin.ini
ZyDAS IEEE 802.11 b+g Wireless LAN - USB --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\setup.exe" -l0x9


-- End of Deckard's System Scanner: finished at 2007-07-15 at 18:44:00 ---------





Deckard's System Scanner v20070711.54
Run by Allan on 2007-07-15 at 18:40:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 1 Restore Point(s) --
1: 2007-07-15 16:40:33 UTC - RP232 - Deckard's System Scanner Restore Point


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Allan.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:42:47, on 15-07-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\winnt\system32\CTsvcCDA.EXE
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\winnt\system32\svchost.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\winnt\system32\atiptaxx.exe
C:\winnt\SOUNDMAN.EXE
C:\Programmer\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\VIRUSfighter\bin\ZLH.EXE
C:\winnt\system32\ctfmon.exe
C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Programmer\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programmer\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Grisoft\AVG7\avgcc.exe
C:\winnt\explorer.exe
C:\Programmer\Grisoft\AVG7\avgw.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HJTrenamed.exe
C:\Documents and Settings\Allan\Skrivebord\rootchk.exe
C:\winnt\system32\cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allanklockmann.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\winnt\system32\fccaaba.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\winnt\system32\qjtdylgq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: (no name) - {AC0A657C-6E2C-453A-AE46-EEA02B0E76EF} - C:\winnt\system32\gebca.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StatusClient] C:\Programmer\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Programmer\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\winnt\system32\ltqhrple.dll",forkonce
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Npm\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [ctfmon.exe] C:\winnt\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinPop] C:\Programmer\WinPop\winpop.exe
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: MotionBased Agent.lnk = C:\Programmer\MotionBased\Agent\MBAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: ZDWLan Utility.lnk = C:\Programmer\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159802367542
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: fccaaba - C:\winnt\SYSTEM32\fccaaba.dll
O20 - Winlogon Notify: gebca - C:\winnt\system32\gebca.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\winnt\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\winnt\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe

--
End of file - 10002 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\winnt\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 VIAPFD - c:\winnt\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 CINEMSUP (Software Cinemaster NT4.0 Driver) - c:\winnt\system32\drivers\cinemsup.sys <Not Verified; Divicore Inc.; Software CineMaster NT 4/Win2K>
R3 pfc (Padus ASPI Shell) - c:\winnt\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\winnt\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 grmnusb - c:\winnt\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 NPF (NetGroup Packet Filter Driver) - c:\winnt\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S4 Parallel (Parallelklassedriver) - c:\winnt\system32\drivers\parallel.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 aspnet_state (ASP.NET State Service) - c:\winnt\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
S3 NMIndexingService - "c:\programmer\fælles filer\ahead\lib\nmindexingservice.exe" (file missing)
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\programmer\winpcap\rpcapd.exe" -d -f "c:\programmer\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>


-- Files created between 2007-06-15 and 2007-07-15 -----------------------------

2007-07-15 11:47:54 0 d-------- C:\Documents and Settings\NetworkService\Menuen Start
2007-07-14 22:23:48 0 d-------- C:\VIRUSfighter
2007-07-14 22:15:59 0 d-------- C:\Documents and Settings\Allan\Application Data\NCH Swift Sound
2007-07-14 12:27:21 0 d-------- C:\Programmer\MID Converter 4.2
2007-07-12 15:59:47 0 d-------- C:\Programmer\CrystalButton2
2007-07-12 13:46:38 0 dr-h----- C:\$VAULT$.AVG
2007-07-12 13:34:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-07-12 13:34:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-12 13:34:00 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-07-12 13:28:35 0 d-------- C:\bintheredunthat
2007-07-12 11:54:27 0 d-------- C:\winnt\SxsCaPendDel
2007-07-05 22:49:17 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-07-05 20:43:21 0 d-------- C:\Programmer\directx
2007-07-05 20:39:22 0 d-------- C:\Programmer\LEGO Interactive
2007-07-04 05:31:11 592 --a------ C:\winnt\chgkey.vbs
2007-06-29 07:05:55 0 d-------- C:\alt til slægtsforskning juni 2007
2007-06-28 06:52:46 0 d-------- C:\26JUNI2007
2007-06-27 17:01:54 360448 --a------ C:\winnt\system32\NCTWMAFile.dll <Not Verified; NCT Company; NCTWMAFile ActiveX DLL>
2007-06-27 17:01:53 1703936 --a------ C:\winnt\system32\NCTAudioFile.dll <Not Verified; NCT Company; NCTAudioFile ActiveX DLL>
2007-06-27 17:01:53 233472 --a------ C:\winnt\system32\lame_enc.dll
2007-06-27 17:01:53 0 d-------- C:\Programmer\ACE-HIGH MP3 WAV WMA OGG Converter
2007-06-27 15:25:26 0 d-------- C:\Programmer\Fælles filer\LightScribe
2007-06-27 15:21:09 0 d-------- C:\Programmer\Nero
2007-06-27 12:38:10 0 d-------- C:\Programmer\PowerISO 3,0
2007-06-26 14:53:31 0 d-------- C:\25JUNI2007
2007-06-24 17:48:10 0 d-------- C:\Programmer\Mindscape
2007-06-16 17:40:51 0 d-------- C:\Programmer\WinPcap
2007-06-16 09:04:14 0 d-------- C:\Documents and Settings\Allan\Application Data\AVG7
2007-06-16 09:03:53 0 d-------- C:\Programmer\Grisoft(2)
2007-06-16 09:03:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2007-06-16 09:03:53 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7(2)
2007-06-15 07:05:08 7077888 --a------ C:\Documents and Settings\Allan\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2007-07-15 18:42:53 9836 --a------ C:\Programmer\hijackthis.log
2007-07-15 17:24:33 421110 --a------ C:\winnt\system32\perfh006.dat
2007-07-15 17:24:33 74028 --a------ C:\winnt\system32\perfc006.dat
2007-07-15 13:11:53 0 d-------- C:\Programmer\Fælles filer\Ahead
2007-07-15 07:47:15 0 d-------- C:\Documents and Settings\Allan\Application Data\uTorrent
2007-07-14 22:23:47 0 d--h----- C:\Programmer\InstallShield Installation Information
2007-07-12 13:18:44 0 d-------- C:\Documents and Settings\Allan\Application Data\LimeWire
2007-07-12 13:18:13 0 d-------- C:\Programmer\LimeWire
2007-07-12 11:55:17 0 d-------- C:\Programmer\Fælles filer\Adobe
2007-07-09 07:52:10 0 d-------- C:\Documents and Settings\Allan\Application Data\Canon
2007-07-07 13:49:14 0 d-------- C:\Programmer\Java
2007-07-05 20:55:23 664 --a------ C:\winnt\system32\d3d9caps.dat
2007-07-05 20:45:48 768 --a------ C:\winnt\system32\d3d8caps.dat
2007-06-27 15:25:26 0 d-a------ C:\Programmer\Fælles filer
2007-06-27 15:24:14 0 d-------- C:\Documents and Settings\Allan\Application Data\Ahead
2007-06-27 15:15:56 0 d-------- C:\Programmer\ahead
2007-06-23 18:55:04 0 d-------- C:\Programmer\SummaSummarum
2007-06-19 08:52:42 0 d-------- C:\Programmer\Fælles filer\System
2007-06-16 18:20:27 0 d-a------ C:\Programmer\Fælles filer\Microsoft Shared
2007-06-16 17:39:41 0 d-------- C:\Programmer\URLHelper
2007-06-15 18:30:25 0 d-------- C:\Programmer\Microsoft Works
2007-06-13 09:14:42 0 d-------- C:\Documents and Settings\Allan\Application Data\Adobe
2007-06-13 08:47:36 0 d-------- C:\Documents and Settings\Allan\Application Data\.wyzo
2007-06-12 09:15:41 0 d-------- C:\Programmer\MSBuild
2007-06-12 09:14:31 0 d-------- C:\Programmer\Fælles filer\DESIGNER
2007-06-03 07:32:45 0 d-------- C:\Programmer\QuickSFV
2007-06-01 08:32:15 0 d-------- C:\Programmer\Microsoft.NET
2007-05-30 21:28:50 0 d-------- C:\Documents and Settings\Allan\Application Data\Politiken
2007-05-30 20:41:36 0 d-------- C:\Programmer\Polob32
2007-05-30 20:34:59 0 d-------- C:\Documents and Settings\Allan\Application Data\WinRAR
2007-05-29 18:57:30 8 --a------ C:\winnt\system32\CtSACKey.sys
2007-05-29 17:31:48 0 d-------- C:\Documents and Settings\Allan\Application Data\Creative
2007-05-29 17:26:48 0 d-------- C:\Programmer\Creative
2007-05-24 08:19:49 0 d-------- C:\Documents and Settings\Allan\Application Data\Leadertech
2007-05-23 07:09:56 0 d-------- C:\Documents and Settings\Allan\Application Data\AdobeUM
2007-05-23 06:28:51 0 d-------- C:\Documents and Settings\Allan\Application Data\AdobeAUM
2007-05-23 06:13:28 0 d-------- C:\Programmer\MSXML 4.0
2007-05-22 22:23:38 0 d-------- C:\Programmer\Disc2Phone
2007-05-22 22:16:24 0 d-------- C:\Documents and Settings\Allan\Application Data\Teleca
2007-05-22 22:14:48 0 d-------- C:\Programmer\Fælles filer\Teleca Shared
2007-05-22 22:14:18 0 d-------- C:\Programmer\Sony Ericsson
2007-05-22 22:10:30 0 d-------- C:\Programmer\Fælles filer\InstallShield
2007-05-17 14:57:46 0 d-------- C:\Programmer\LEGO Media


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}   C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}   C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7}   c:\programmer\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"OpwareSE2"="\"C:\\Programmer\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"AtiPTA"="atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Programmer\\Google\\Gmail Notifier\\gnotify.exe"
"SoundMan"="SOUNDMAN.EXE"
"StatusClient"="C:\\Programmer\\Hewlett-Packard\\Toolbox2.0\\Apache Tomcat 4.0\\webapps\\Toolbox\\StatusClient\\StatusClient.exe /auto"
"TomcatStartup"="C:\\Programmer\\Hewlett-Packard\\Toolbox2.0\\hpbpsttp.exe"
"SunJavaUpdateSched"="\"C:\\Programmer\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"GrooveMonitor"="\"C:\\Programmer\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"Sony Ericsson PC Suite"="\"C:\\Programmer\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Adobe Photo Downloader"="\"C:\\Programmer\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"DAEMON Tools-1033"="\"C:\\Programmer\\D-Tools\\daemon.exe\" -lang 1033"
"Adobe Reader Speed Launcher"="\"C:\\Programmer\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"Norman ZANDA"="C:\\VIRUSfighter\\Npm\\bin\\ZLH.EXE /LOAD /SPLASH"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\winnt\\system32\\ctfmon.exe"
"Creative Detector"="C:\\Programmer\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programmer\\Fælles filer\\Ahead\\Lib\\NMBgMonitor.exe\""
"MSMSGS"="\"C:\\Programmer\\Messenger\\msmsgs.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Programmer\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaaba

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages   REG_MULTI_SZ    msv1_0\0\0
Security Packages   REG_MULTI_SZ    kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages   REG_MULTI_SZ    scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss   REG_MULTI_SZ    RpcSs\0\0
HTTPFilter   REG_MULTI_SZ    HTTPFilter\0\0
LocalService   REG_MULTI_SZ    Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ    DnsCache\0\0
DcomLaunch   REG_MULTI_SZ    DcomLaunch\0TermService\0\0
imgsvc   REG_MULTI_SZ    StiSvc\0\0
termsvcs   REG_MULTI_SZ    TermService\0\0
WudfServiceGroup   REG_MULTI_SZ    WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-07-15 at 18:44:00 ---------








Regards


Comment
From : stl_s


Date : 15-07-07 19:40

If the infection should cause trouble, then boot up, press the F8 key several times (just as when you want to enter safe mode), and run "Last Known Good Configuration (your most recent settings that worked)". Most of the time it goes smoothly, but just in case, you should have this information.

-------------------------------------------------------

1. Download Vundofix here http://www.atribune.org/ccount/click.php?id=4

2. Restart in safe mode. If you don't know how, look here (scroll down to "Sådan får du adgang til fejlsikret tilstand") http://kimludvigsen.dk/tips-windows-fejlsikret.html

3. Run Vundofix and click "Scan for Vundo".

4. When it has finished scanning, click the "Remove Vundo" button.

You will then be asked whether you are sure you want to remove the files. Click "Yes" here. Your desktop will then go blank, and the fix will try to remove Vundo. When it is finished, the tool will ask for permission to shut down the computer. You must accept that.

If there is a file the fix cannot remove, it will run at restart, and then you must click "Scan for Vundo" and follow the instructions above again.

------------------------------------------------------------

Afterwards, run Steps 1 and 2 from here http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Both scanners can produce logs afterwards, and I would like to see them.

As for Ewido, make sure to "Save report" before you click "Remove infections".

As for SuperAntiSpyware, you will find the log under "Statistics/Logs" (double-click the log).

Also post a fresh HijackThis log, after a restart.
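An added example, not part of any post in this thread: a small Python triage pass over HijackThis lines copied from the log posted above, listing the DLL load points a helper reading such a log would inspect first. The heuristics and the names `triage`, `correlated` and `in_system32` are assumptions of this example, not rules taken from HijackThis or from the posters.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\winnt\system32\fccaaba.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\winnt\system32\qjtdylgq.dll
O2 - BHO: (no name) - {AC0A657C-6E2C-453A-AE46-EEA02B0E76EF} - C:\winnt\system32\gebca.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\winnt\system32\ltqhrple.dll",forkonce
O20 - Winlogon Notify: fccaaba - C:\winnt\SYSTEM32\fccaaba.dll
O20 - Winlogon Notify: gebca - C:\winnt\system32\gebca.dll
"""

# One pattern per HijackThis section used here (O2, O4, O20).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
# rundll32 started with a full path to a DLL (quoted or not), then ",export".
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[A-Za-z]:\\[^",]+\.dll)"?,', re.IGNORECASE
)


def in_system32(path):
    """True when the file sits directly in a ...\\system32 directory."""
    return ntpath.dirname(path).lower().endswith("\\system32")


def triage(log_text):
    """Map lower-cased DLL path -> list of reasons it deserves a closer look.

    Heuristics (assumptions of this example):
      O2  - a Browser Helper Object without a name whose DLL is in system32
      O4  - a Run entry that starts rundll32 on a DLL in system32
      O20 - a Winlogon Notify key whose DLL is in system32
    """
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            if m["name"] == "(no name)" and in_system32(m["path"]):
                findings[m["path"].lower()].append("O2: unnamed BHO in system32")
            continue
        m = RUN_RE.match(line)
        if m:
            dll = RUNDLL_RE.match(m["cmd"])
            if dll and in_system32(dll["dll"]):
                findings[dll["dll"].lower()].append(
                    "O4: Run entry [%s] starts rundll32 on this DLL" % m["name"]
                )
            continue
        m = NOTIFY_RE.match(line)
        if m and in_system32(m["path"]):
            findings[m["path"].lower()].append(
                "O20: loaded by winlogon.exe via Notify key '%s'" % m["name"]
            )
    return dict(findings)


def correlated(findings):
    """File names of DLLs registered at two or more independent load points."""
    return sorted(ntpath.basename(p) for p, why in findings.items() if len(why) >= 2)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, reasons in sorted(result.items()):
        print(path)
        for reason in reasons:
            print("   ", reason)
    print("registered in more than one place:", ", ".join(correlated(result)))
```

A match is only a reason to look at the file (signer, creation date, a scanner verdict), not a verdict in itself; legitimate software also registers BHOs and Notify DLLs.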






Comment
From : freddiemercury


Date : 16-07-07 08:57

Hi there
I have run Vundofix, but there is nothing wrong there

I am very seriously considering formatting!!



Comment
From : stl_s


Date : 16-07-07 11:28

It is up to you whether you want to format, but it should not be necessary. Try running the other scanners and post the logs. HijackThis too. Unless, of course, you choose to format.

Comment
From : freddiemercury


Date : 16-07-07 19:11


Many thanks for the help. I have formatted the HD but am currently in trouble

When I start up I get the error message
NTLDR is missing , press any key to restart

I have to keep my Win 2000 CD in the drive, otherwise it will not start up
and I am also missing the last 3 letters of the alphabet, as you can see

help please

I cannot get any further because I am missing this ntldr file



Accepted answer
From : stl_s

Received 100 points
Date : 16-07-07 19:25

Here is some help from helgeC http://www.helgec.dk/ntldr.html

Comment
From : freddiemercury


Date : 16-07-07 20:21

Thanks STL
In any case I am closing the question
Many thanks for the help
I will probably be back

Regards, allan


Approval of answer
From : freddiemercury


Date : 16-07-07 20:21

Thanks for the answer, stl_s.
